A Linux Playground

My doodles and what I get up to.

Set Up Apache SSL and an Encrypted WordPress Admin Area

Create an SSL certificate

To create a self-signed SSL certificate, run the following commands and enter the requested information.

sudo mkdir -p /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Edit config and enable HTTPS for Apache

Edit the default SSL site config so that it contains at least the following:

/etc/apache2/sites-available/default-ssl

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile     /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile  /etc/apache2/ssl/apache.key
</VirtualHost>

The site then needs to be enabled, along with Apache's SSL module. A reload is enough for the server to pick up the change, but I prefer to restart Apache.

sudo a2enmod ssl
sudo a2ensite default-ssl
sudo service apache2 restart
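
One way to catch a vhost whose certificate or key path does not match where the files were actually written, before restarting Apache. This is an added example, not part of the original post; the function names `directive_path` and `check_vhost_tls` are made up for illustration, and the script takes the site config path as its argument.

```shell
#!/bin/sh
# Added example: lint an Apache SSL vhost before restarting the server.
# Usage: sh check_vhost_tls.sh /etc/apache2/sites-available/default-ssl

# Print the path argument of a directive (e.g. SSLCertificateFile),
# skipping comment lines; Apache directive names are case-insensitive.
directive_path() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { gsub(/"/, "", $2); print $2 }
    ' "$2"
}

# Print one finding per line; return non-zero if anything is wrong.
check_vhost_tls() {
    conf=$1; rc=0
    if ! grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$conf"; then
        echo "SSLEngine is not on in $conf"; rc=1
    fi
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        paths=$(directive_path "$d" "$conf")
        if [ -z "$paths" ]; then
            echo "$d is not set"; rc=1; continue
        fi
        for p in $paths; do
            if [ ! -f "$p" ]; then
                echo "$d points at missing file $p"; rc=1
            elif [ "$d" = SSLCertificateKeyFile ]; then
                # The key was written with -nodes (no passphrase), so file
                # permissions are its only protection: owner-only access.
                case $(ls -ldL "$p") in
                    ????------*) ;;
                    *) echo "private key $p is accessible to group/other"; rc=1 ;;
                esac
            fi
        done
    done
    return $rc
}

if [ "$#" -gt 0 ]; then check_vhost_tls "$1"; fi
```

Run it with sudo if the key directory is not readable by your user, otherwise the key will be reported as missing.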

Force WordPress to use SSL for Admin logins

Getting WordPress to use SSL for logins and admin sessions is simple: add a single line to the wp-config.php file, placed before the require_once line as shown below. Beware: once this option is set, these connections will use HTTPS on port 443, so ensure Apache is configured to listen on that port as well.

/usr/share/wordpress/wp-config.php (on debian systems)

define('FORCE_SSL_ADMIN', true);
require_once(ABSPATH . 'wp-settings.php');
?>

How to force use of HTTPS in Apache using htaccess

First ensure that the virtual server allows .htaccess files to be read and acted upon. This is achieved by changing the AllowOverride setting in the virtual server config from None to All.

<Directory /var/www >
 Options Indexes FollowSymLinks MultiViews
 AllowOverride All
 Order allow,deny
 allow from all
</Directory>

Create a .htaccess file in the directory you would like to force the use of HTTPS in.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}